This wasn’t as straight forward as I thought, because of bad or not relevant documentation everywhere. Almost every documentation about PHP Composer shows what it is, how to install and how to write a composer file for your own application.

But what if you just found an application on Github that you want to use in your existing project? How does it work and what does it do?

This short little tutorial will only show you how to integrate a “composed” code in to your existing application. I you are not that familiar with Composer, i really recommend to see some YouTube tutorials and read some docs before.

And then….

The packages downloaded will be added under /vendor folder.
E.g. /vendor/adldap2/…

To use adldap2, you have to include the /vendor/autoload.php file.

Example of code for testing:
Remember this is a sample code that need to be edited with your own paths, servers, user, etc…

PHP

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

<?php

require('.../vendor/autoload.php');

$config=[

'account_suffix'=>'@login.mydomain.local',

'domain_controllers'=>['DomainController1','DomainController2'],

'base_dn'=>'DC=login,DC=mydomain,DC=local',

'admin_username'=>'LDAP_USER',

'admin_password'=>'LDAP_PW',

'use_ssl'=>true,

'use_tls'=>false,

'use_sso'=>false,

];

$adldap2=new\Adldap\Adldap($config);

?>

My thoughts about composer

I understand the benefits of using composer, as it boost the developers performance. You also don’t need to load classes and check for requirements when using the composer.

But keep in mind! By using it, you will auto-download third party packages. By require one package, the composer can also download multiple required packages for that single package you are requesting. This means you have less control of what is actually included in your application.

If you google composer and security, there has been som issues already. Some people mirrors the Git-repositories to get control, so they can update and pull their own code. But is it necessary to use the composer then? Why not download the packages manually and just use an autoloader?

In the end, the Composer can be a great tool! But do an risk assessment before using it 🙂